Date: Thu, 26 Apr 2007 22:29:35 +0300 From: "Lubomir Georgiev" <0shady0recs0@gmail.com> To: freebsd-ipfw@freebsd.org Subject: ipfw with nat - allowing by MAC address Message-ID: <937e203f0704261229n56f50ce6p7e5874b6046d292e@mail.gmail.com> In-Reply-To: <52464.BUtUVAdKVgE=.1177615458.squirrel@webmail.freebsdbrasil.com.br> References: <937e203f0704241000k1db56507jba1b0ac89cd3aece@mail.gmail.com> <4178.BUtUVAdKVgE=.1177554351.squirrel@webmail.freebsdbrasil.com.br> <937e203f0704261156ia80fad3v80d12d9e09adeb07@mail.gmail.com> <52464.BUtUVAdKVgE=.1177615458.squirrel@webmail.freebsdbrasil.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
OK - So I guess we might have a problem... bogoqho# uname -a FreeBSD bogoqho.com 6.1-RELEASE FreeBSD 6.1-RELEASE # I'm currently thinking about using the deny approach you initially recommended. I'll just add an allow rule via the internal iface which will still allow me to ssh in and if everything else is OK then I guess that will be it. I'll check back shortly - in the mean time if you have any suggestions, feel free. On 4/26/07, eksffa@freebsdbrasil.com.br <eksffa@freebsdbrasil.com.br> wrote: > > > Thanks for everyone's continuing attempts to help! > > > > OK so I tried putting in the ruleset which you provided - and I hit a > > rock > > very early in the run. IPFW returns that it doesn't understand the tag > > option. > > > > ipfw add 501 skipto 1400 tag 1 log logamount 0 ip from any to any > layer2 > > via $ifi > > > > > > Does this sound familiar? What should I do? > > tag/tagged features were commited somewhere in time between 6.1-STABLE and > 6.2-RELEASE, if I remember well. So the first release to have it is 6.2-R; > > csup to RELENG_6 branch to get the latest -STABLE; > > > > -- mEsS wItH tHe bEsT dIE liKe tHe rESt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?937e203f0704261229n56f50ce6p7e5874b6046d292e>